Cyber and terrorism risks for hotel operators
This article first appeared on businessleader.co.uk.
Cyber-attacks and terrorism related events are two prominent risks that hotel operators face in today’s environment.
Hotel operators are typically required to manage and store large amounts of personal data, with significant money and effort spent on securing their IT infrastructure to prevent breaches. Hotel and reservation systems can be interconnected with a large number of third-party systems and ‘attachments’. Virtual intruders are increasingly finding new ways to by-pass cyber defences via these third-party systems and attachments to their systems.
It is not just personal data and undetected gaps in core IT systems that can leave a hotel business vulnerable. Other areas - such as Building Management Systems which are typically not designed with cyber security in mind - can also be vulnerable.
Building and access control systems are computers that monitor and control building operations such as air-conditioning, electrical power, electronic card reading, lifts, fire alarms and suppression systems, heating, lighting, ventilation and surveillance. It is these very advancements, and the ever increasing reliance on automation and remote operations, that are exposing systems to possible cyber-breaches and full on attacks.
Dedicated and comprehensive cyber insurance is therefore becoming increasingly and critically important to provide businesses with protection and support for a whole range of cyber related eventualities.
Terrorism has become a major risk factor for the hospitality industry. This should not come as a surprise given the continuous foot traffic, multiple entrances and exits and numerous public areas for congregation. Western countries in particular have seen a marked increase in ‘Active Assailant’ incidents. These attacks are often carried out by individuals or small groups using guns, knives and vehicles to cause death, damage and destruction.
Traditional terrorism policies have historically been primarily focused around Property Damage, usually sustained from well-known and organised groups, and typically do not cover Active Assailant scenarios.
Hotel businesses are therefore increasingly opting to buy, or at least consider, Active Assailants insurance policies which cover costs such as medical or mental health care expenses, business interruption, legal liability or temporary security measures.